agent-types
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a purely informational markdown file providing documentation and usage examples for different agent types. It does not include any scripts, executable commands, or sensitive data access operations.
- [INDIRECT_PROMPT_INJECTION]: The skill describes several agent types (such as `swarm:rlm-code-analyzer` and `feature-dev:code-explorer`) that are specifically designed to ingest and process external files, codebases, and datasets. This represents a known vulnerability surface for indirect prompt injection if the data being analyzed contains malicious instructions.
  - Ingestion points: Agents are directed to process codebase files, log files, and data chunks (e.g., `/tmp/rlm-chunks/`).
  - Boundary markers: The documentation examples use structured key-value pairs in prompts (e.g., `Query:`, `File:`, `Analysis focus:`) to separate instructions from data, though they do not explicitly mention the use of unique delimiters for the content itself.
  - Capability inventory: The documented agents possess varying levels of capability, ranging from read-only access (`Explore`, `Plan`) to full shell and tool access (`Bash`, `general-purpose`).
  - Sanitization: The skill provides high-level guidance and does not specify internal sanitization or validation logic for the content being analyzed.